Login Sign Up

CVE-2021-0516

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This critical Android vulnerability allows attackers to remotely execute code and gain elevated privileges on affected devices without user interaction. It affects Android devices running versions 8.1 through 11 due to a memory corruption flaw in the Wi-Fi Direct (p2p) subsystem.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.1, 9, 10, 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Wi-Fi Direct functionality enabled (default on most Android devices).

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing remote attackers to execute arbitrary code with system privileges, potentially installing persistent malware or accessing sensitive data.

🟠

Likely Case

Remote code execution leading to device takeover, data theft, or ransomware deployment on vulnerable devices.

🟢

If Mitigated

Limited impact if devices are patched, isolated from untrusted networks, or have Wi-Fi Direct disabled.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication, making internet-connected devices vulnerable to widespread attacks.
🏢 Internal Only: MEDIUM - Still exploitable on internal networks but requires attacker presence on the same network segment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

No public proof-of-concept available, but the high CVSS score and remote unauthenticated nature make weaponization likely by sophisticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-06-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2021-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install the June 2021 Android security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable Wi-Fi Direct

android

Turn off Wi-Fi Direct functionality to prevent exploitation via the vulnerable p2p component.

Settings > Connections > Wi-Fi > Wi-Fi Direct > Turn off

🧯 If You Can't Patch

  • Segment vulnerable devices on isolated network segments away from untrusted networks
  • Implement network monitoring for suspicious Wi-Fi Direct connection attempts

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version and Security patch level.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Security patch level shows 'June 1, 2021' or later date in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Wi-Fi Direct connection attempts
  • Crash logs from p2p_pd.c or related Wi-Fi services

Network Indicators:

  • Suspicious Wi-Fi Direct discovery packets from unknown sources
  • Unexpected peer-to-peer connection attempts

SIEM Query:

source="android_logs" AND (process="p2p" OR process="wpa_supplicant") AND (event="crash" OR event="segfault")

📊 Metadata

CVE ID: CVE-2021-0516
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: June 21, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0516, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)